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Period for Reply 
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DETAILED ACTION 

1. In view of the Appeal Brief filed on December 19, 2005, PROSECUTION IS 
HEREBY REOPENED. A new grounds of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41 .20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

2. Claims 1-26 are currently being considered. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 
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3. Claims 1-26 are rejected under 35 U.S.C. 102(a) as being anticipated by 
Schneier et al. ("Cryptographic Support for Secure Logs on Untrusted Machines"). 

Regarding claim 1 , Schneier discloses: 

A log file protection system for protecting log files in which computer system 
operations have been recorded, comprising: 

log file creation means which create a plurality of identical log files which record 
the operations of said computer systems (Section 3^2: paragraph 1; Section 4.2: 
paragraphs 8-1 1 ), wherein it is stated that "U 0 should log the data in several parallel 
logfiles, with each logfile using a different untrusted server as its trusted server"; 

alteration detection means which periodically monitor said plurality of identical log 
files for alteration or deletion (Section 1 : paragraphs 4, 9-1 1 /Section 3.3: paragraph 1 ; 
Section 3.4: paragraph 1 ); and 

restoration means which restore the altered or deleted log file by replacing the 
altered or deleted log file with an unaltered log file from the plurality of identical log files 
when the altered or deleted log file is detected by said alteration detection means 
(Section 5: paragraph 1 ), wherein the log file can be replaced with a clean backup. 

Claim 2 is. rejected as applied above in rejecting claim 1. Furthermore, Schneier 
discloses: 
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The log file protection system of claim 1 , wherein said log file creation means 
create said plurality of identical log files in parallel, using identical information (Section 
4.2: paragraphs 8-11). 

Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Schneier 
discloses: 

The log file protection system of claim 1 , further comprising hiding means which 
hide all but one of the plurality of log files (Section 2: paragraph 14), wherein all the 
parallel log files are stored in other locations other than the primary untrusted computer. 

Claim 4 is rejected as applied above in rejecting claim 3. Furthermore, Schneier 
discloses: 

The log file protection system of claim 3, wherein said hiding means periodically 
re-hide said hidden log files in different locations (Section 5: paragraph 1), wherein the 
log file can be replaced with a clean backup, which is moving the hidden log file to the 
untrusted machine. 

Claim 5 is rejected as applied above in rejecting claim 3. Furthermore, Schneier 
discloses: 

The log file protection system of claim 3, wherein said hiding means re-hide said 
hidden log files in different locations, when alteration or deletion is detected by said 
alteration detection means (Section 5: paragraph 1), wherein the log file can be 
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replaced with a clean backup, which is moving the hidden log file to the untrusted 
machine. 

Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, Schneier 
discloses: 

The log file protection system of claim 5, further comprising means which perform 
additional processing, when alteration or deletion is detected by said alteration detection 
means (Section 5: paragraph 1), wherein the log file can be replaced with a clean 
backup, which is moving the hidden log file to the untrusted machine. 

Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Schneier 
discloses: 

The log file protection system of claim 1 , further comprising means which perform 
additional processing when alteration or deletion is detected by said alteration detection 
means (Section 5: paragraph 1 ), wherein the log file can be replaced with a clean 
backup, which is moving the hidden log file to the untrusted machine. 

Claim 9 is rejected as applied above in rejecting claim 2. Furthermore, Schneier 
discloses: 

The log file protection system of claim 2, further comprising means which perform 
additional processing when alteration or deletion is detected by said alteration detection 



Application/Control Number: 09/710,203 Page 6 

Art Unit: 2131 

means (Section 5: paragraph 1), wherein the log file can be replaced with a clean 
backup, which is moving the hidden log file to the untrusted machine. 

Claim 10 is rejected as applied above in rejecting claim 2. Furthermore, Schneier 
discloses: 

The log file protection system of claim 2, further comprising hiding means which 
hide all but one of the plurality of identical log files (Section 2: paragraph 14), wherein 
all the parallel log files are stored in other locations other than the primary untrusted 
computer. 

Claim 1 1 is rejected as applied above in rejecting claim 10. Furthermore, Schneier 
discloses: 

The log file protection system of claim 10, further comprising means which 
perform additional processing when alteration or deletion is detected by said alteration 
detection means (Section 5: paragraph 1 ), wherein the log file can be replaced with a 
clean backup, which is moving the hidden log file to the untrusted machine. 

Claim 12 is rejected as applied above in rejecting claim 10. Furthermore, Schneier 
discloses: 

The log file protection system of claim 10, wherein said hiding means re-hide 
said hidden log files in different locations, when alteration or deletion is detected by said 
alteration detection means (Section 5: paragraph 1 ), wherein the log file can be 
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replaced with a clean backup, which is moving the hidden log file to the untrusted 
machine. 

Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Schneier 
discloses: 

The log file protection system of claim 12, further comprising means which 
perform additional processing when alteration or deletion is detected by said alteration 
detection means (Section 5: paragraph 1), wherein the log file can be replaced with a 
clean backup, which is moving the hidden log file to the untrusted machine. 

Claim 14 is rejected as applied above in rejecting claim 10. Furthermore, Schneier 
discloses: 

The log file protection system of claim 10, wherein said hiding means periodically 
re-hide said hidden log files in different locations (Section 5: paragraph 1), wherein the 
log file can be replaced with a clean backup, which is moving the hidden log file to the 
untrusted machine. 

Claim 15 is rejected as applied above in rejecting claim 14. Furthermore, Schneier 
discloses: 

The log file protection system of claim 14, further comprising means which 
perform additional processing when alteration or deletion is detected by said alteration 
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detection means (Section 5: paragraph 1 ), wherein the log file can be replaced with a 
clean backup, which is moving the hidden log file to the untrusted machine. 

Claim 16 is rejected as applied above in rejecting claim 14. Furthermore, Schneier 
discloses: 

The log file protection system of claim 14, wherein said hiding means periodically 
re-hide said hidden log files in different locations (Section 5: paragraph 1 ), wherein the 
log file can be replaced with a clean backup, which is moving the hidden log file to the 
untrusted machine. 

Claim 17 is rejected as applied above in rejecting claim 16. Furthermore, Schneier 
discloses: 

The log file protection system of claim 16, further comprising means which 
perform additional processing when alteration or deletion is detected by said alteration 
detection means (Section 5: paragraph 1 ), wherein the log file can be replaced with a 
clean backup, which is moving the hidden log file to the untrusted machine. 

Claim 18 is rejected as applied above in rejecting claim 3. Furthermore, Schneier 
discloses: 

The log file protection system of claim 3, further comprising means which perform 
additional processing when alteration or deletion is detected by said alteration detection 
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means (Section 5: paragraph 1), wherein the log file can be replaced with a clean 
backup, which is moving the hidden log file to the untrusted machine. 

Claim 19 is rejected as applied above in rejecting claim 4. Furthermore, Schneier 
discloses: 

The log file protection system of claim 4, further comprising means which perform 
additional processing when alteration or deletion is detected by said alteration detection 
means (Section 5: paragraph 1 ), wherein the log file can be replaced with a clean 
backup, which is moving the hidden log file to the untrusted machine. 

Claim 20 is rejected as applied above in rejecting claim 4. Furthermore, Schneier 
discloses: 

The log file protection system of claim 4, wherein said hiding means periodically 
re-hide said hidden log files in different locations (Section 5: paragraph 1 ), wherein the 
log file can be replaced with a clean backup, which is moving the hidden log file to the 
untrusted machine. 

Claim 21 is rejected as applied above in rejecting claim 20. Furthermore, Schneier 
discloses: 

The log file protection system of claim 20, further comprising means which 
perform additional processing when alteration or deletion is detected by said alteration 
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detection means (Section 5: paragraph 1 ), wherein the log file can be replaced with a 
clean backup, which is moving the hidden log file to the untrusted machine. 

Claim 23 is rejected as applied above in rejecting claim 1 . Furthermore, Schneier 
discloses: 

The log file protection system of claim 1 , wherein said alteration detection means 
monitor said log files by using fingerprint data generated based on the entire content of 
the log file (Section 3: paragraph 5; Section 3.4: paragraph 1 ; Section 3.5: paragraph 
3). 

Claim 24 is rejected as applied above in rejecting claim 1 . Furthermore, Schneier 
discloses: 

The log file protection system of claim 1 , wherein said alteration detection means 
monitor said log files by using fingerprint data generated based on the entire content of 
the log file (Section 5: paragraph 1 ). 

Regarding claim 25, Schneier discloses: 

Recording media which stores a program capable of implementing the log file 
protection system according to any of Claims 1-6,8-21 , or 23-24 on a computer system 
(Section 1: paragraphs 4, 9-11, Section 3.3: paragraph 1; Section 3.4: paragraph 1; 
Section 5: paragraph 1). 
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Regarding claim 26, Schneier discloses: 

A log file protection method for protecting log files in which computer system 
operations have been recorded, comprising: 

(a) creating a plurality of identical log files which record the operations of said 
computer system systems (Section 3.2: paragraph 1 ; Section 4.2: paragraphs 8-1 1 ), 
wherein it is stated that "U 0 should log the data in several parallel logfiles, with each 
logfile using a different untrusted. server as its trusted server"; 

(b) periodically monitoring said plurality of identical log files for alteration or 
deletion (Section 1 : paragraphs 4, 9-1 1 , Section 3.3: paragraph 1 ; Section 3.4: 
paragraph 1); and 

(c) restoring the altered or deleted log file by replacing the altered or deleted log 
file with an unaltered log file from the plurality of identical log files when the altered or 
deleted log file is detected in said periodic monitoring step (Section 5: paragraph 1), 
wherein the log file can be replaced with a clean backup. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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